All that’s changing is our address…I will still be posting new Thoughts from the Cloud articles once per week. In fact, our latest blog post: When the security bill comes due is already waiting for you! You can update your RSS feeds at the new site. As always we appreciate your support.

All the past blog entries have been moved to the new site. I will keep this site up for a time, but I am redirecting all new activity to the new site. All new entries will be on the new site only…hope to “see” you there.

In terms of dollars and cents on a risk analysis spreadsheet, it is easier to put a value on a particular asset than the potential recurring value of a client, customer or even partner. Beyond lawsuits and capital and operational expenses to repair a mea culpa, weak cryptography, hack defenses or shoring an previously-undiagnosed vulnerability gap, the damage done to a brand because the user no longer trusts doing business with that company is staggering. Intrusion Securityhas a significant impact on customer retention.

Have you ever been asked to fight the state boxing champion with one hand tied behind your back? Many security professionals face this scenario every day. For many companies with whom I talk, there isn’t a lack of IT talent when it comes to security–just a lack of hours in the day, computing resources and necessary headcount with specific expertise to change the culture from reactive to proactive and strategic risk management.

A forensic analyst confirmed something that I long believed to be true. One of the greatest threats to an organization comes from within. Not everyone who exits a company leaves with a handshake and a gold watch. Often times there are hard feelings; that the employer wronged the former employee and that employee will exact a matter of revenge or feel justified to extract some sort of perceived compensation. Now this isn’t meant for you to look sideways at the person sitting in the next cubicle. However, access policies needs to be a part of any company’s internal risk assessment and security policy.

MSPs have a lot of responsibility for the IT assets of their clients. It is expected that MSPs will take certain precautions to safeguard client data and infrastructure. In this case, it’s not just the client and their sphere of access that touch the data, but oftentimes the employees/consultants/techs of the MSP themselves – and if their back door is open, the risk can be transferred to the client.

There are many of us who have been around IT long enough can even remember how storing 1MB on a 3.5” hard case floppy disk was cutting edge IT. Yes, I remember punch cards too, but the point is that IT grows up. It advances, evolves. Thirty years on from those halcyon days, IT is facing its latest crossroads: the movement away from on-premise solutions and the acceptance of cloud-based computing as the chief business driver.